Subject | Re: [firebird-support] Guys! I got it! - Re: Avoiding hard-coding db pass in app - without using db users |
---|---|
Author | Milan Babuskov |
Post date | 2008-11-12T08:24:12Z |
Zd wrote:
> Are you saying the method of connection described here is not working?
> http://www.firebirdsql.org/download/firebird_zebedee_eng.pdf

It is working fine. In fact, I've been using it myself for years. But, I
trust my users and I don't care if passwords are compromised. Each user
is responsible for security on their own end. If someone installs a
trojan on client, gets user/pass and does something bad with it, I
always blame the user.

So, it all depends who are your users and what exactly they are doing.

> If the hacker can get access to my computer and its memory space, no matter if I log-in using "traditional" methods (separate DB users), he will find out my DB username/password easily!
> If the hacker can put a trojan to my computer and gain access to it there is nothing that can protect me. If I put my database on the Internet I have to take some risks (mostly caused by the stupidity of my users installing malware on their computer - accidentally of course).
> If I really want to secure it, I can lock access to the office LAN, but then nobody will reach it from the Net...
> What do you think?

Yes, that's exactly what I wrote about. If I were a hacker, I wouldn't
bother to hack into some ISP or other Internet gateway between your
client and Firebird server. Those computers are usually much better
protected as people maintaining them know about security and (should)
work on that all the time. Not to mention that those computers are more
likely to run some Linux or BSD which narrows the possible choices for
attack. Even if a hacker would break into one of those, he would still
need to do the not-so-easy task of tracing that communication among
thousands of others and capturing its TCP/IP packets.

On the other hand, a client probably uses Windows XP, and many people
don't even bother to install Microsoft's patches. They might have
anti-spyware or anti-virus software, yes. But, if you have a lot of
clients, it's very likely that you'll find one machine that is not
patched up properly and break into it.

In short: zebedee does protect you, but chances of attack coming on that
side are much lower than attack on client machine.

--
Milan Babuskov
http://www.flamerobin.org
http://www.guacosoft.com